Which prevention technique will prevent attacks based on packet count?
A. zone protection profile
B. URL filtering profile
C. antivirus profile
D. vulnerability profile
|
Download Printable PDF. VALID exam to help you PASS. |
 |
Which prevention technique will prevent attacks based on packet count?
A. zone protection profile
B. URL filtering profile
C. antivirus profile
D. vulnerability profile
|
Download Printable PDF. VALID exam to help you PASS. |
|
zone protection profile
A Zone Protection profile is applied to an ingress zone. It offers protection against floods, reconnaissance attacks, and other packet-based attacks. Zone protection is broad-based protection and is not designed to protect a specific end host or traffic going to a particular destination zone. Only a single Zone Protection profile can be applied to a zone. Zone protection is enforced only when there is no session match for the packet because zone protection is based on new CPS, not on packets per second (pps). If the packet matches an existing session, it will bypass the Zone Protection profiles.
A
Correct answer is D-vulnerability profile
please expound… not seeing how vulnerability protection security profile can prevent an attack based on packet count. am a newbie so i’d like to know how it does it.
Thanks
Vulnerability Protection security profiles stop attempts to exploit system flaws or gain unauthorized access to systems. While Anti-Spyware security profiles identify infected hosts as traffic leaves the network, but Vulnerability Protection security profiles protect against threats entering the network. For example, Vulnerability Protection security profiles protect against buffer overflows, illegal code execution, and other attempts to exploit system vulnerabilities. The default Vulnerability Protection security profile protects clients and servers from all known critical-, high-, and medium-severity threats. You also can create exceptions that enable you to change the response to a specific signature.
A Zone Protection profile is applied to an ingress zone. It offers protection against floods, reconnaissance attacks, and other packet-based attacks. Zone protection is broad-based protection and is not designed to protect a specific end host or traffic going to a particular destination zone. Only a single Zone Protection profile can be applied to a zone. Zone protection is enforced only when there is no session match for the packet because zone protection is based on new CPS, not on packets per second (pps). If the packet matches an existing session, it will bypass the Zone Protection profiles.